View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000652Kali LinuxNew Tool Requestspublic2013-10-14 23:302020-02-10 17:53
Reporteraltjx Assigned To 
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status closedResolutionwon't fix 
Summary0000652: smbspider - wonderful post exploitation for enumerating sensitive information
Description

Smbspider is a post-exploitation script that you can use to spider numerous systems that you have access to. It's extremely useful when you have some credentials and would like to discover what's in those shares that that user has access to.

Smbspider will take an imported list consisting of of IPs, Shares, //ip/share, and \ip\share formatted type paths. I've used this and similar tools and have always discovered NUMEROUS sensitive data including password documents, member SSNs, etc.

Also, you can use it to spider user profiles in order to avoid wasting time spidering the entire system. So it'll adjust its search based on Windows XP file system structure vs Windows Vista +. The profile option will spider only common user profile directories such as Documents, Desktop, Downloads, Music, Videos, etc. and you can output this list to a file so you can grep through it later.

Here are a few examples of using smbspider:

Usage menu: https://dl.dropboxusercontent.com/u/2526790/smbspider/smbspider.png
Example 0000001: https://dl.dropboxusercontent.com/u/2526790/smbspider/smbspider%201.png
Example #2: https://dl.dropboxusercontent.com/u/2526790/smbspider/smbspider%202.png
Usage video: https://dl.dropboxusercontent.com/u/2526790/smbspider/Smbspider%20in%20action.mp4

smbspider can be downloaded from my personal github account: https://github.com/altjx/ipwn

Activities

rhertzog

rhertzog

2013-10-15 14:09

administrator   ~0001006

Moving to “new tool request” since smbspider is not yet packaged.
g0tmi1k

g0tmi1k

2018-01-29 15:14

administrator   ~0008476

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?
g0tmi1k

g0tmi1k

2020-02-10 17:53

administrator   ~0012174

This is for python 2 - which is EOL

https://github.com/altjx/ipwn/blob/master/smbspider/smbspider.py

Issue History

Date Modified Username Field Change
2013-10-14 23:30 altjx New Issue
2013-10-15 14:09 rhertzog Note Added: 0001006
2013-10-15 14:09 rhertzog Category Tool Upgrade => New Tool Requests
2018-01-29 15:14 g0tmi1k Note Added: 0008476
2019-12-09 13:30 g0tmi1k Severity minor => feature
2020-02-10 17:53 g0tmi1k Note Added: 0012174
2020-02-10 17:53 g0tmi1k Status new => closed
2020-02-10 17:53 g0tmi1k Resolution open => won't fix